Payment Card Industry Data Security Standard (PCI DSS, PCI)

The comprehensive set of requirements designed to ensure that any company that processes, stores, or transmits credit card information does so by maintaining a secure environment. The requirements were established to help prevent payment data breaches and payment card fraud.

PCI Security Standards Council (PCI SSC)

PCI Security Standards Council (PCI SSC), made up of major payment companies, including Visa, MasterCard, American Express, Discover, and JCB, administers and manages the PCI DSS standard. However, enforcing the compliance of PCI DSS is the responsibility of the individual payment brands.

penetration testing

Also called pen testing. An attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities. Fortra’s Core Security Core Impact, Cobalt Strike, and IBM i product lines deliver pen testing solutions.    

personally identifiable information (PII)

Data that directly or indirectly identifies a specific individual, such as names, addresses, biometrics, and alphanumeric account numbers.

platform as a service (PaaS)

A form of cloud computing in which a provider delivers hardware and software tools on its own infrastructure to users over the internet.

Pretty Good Privacy (PGP)

An encryption program that provides cryptographic privacy and authentication for data communication. See also Open PGP.

privileged access management (PAM)

Giving users only the access they need and ensuring that least privileged access is enforced. Fortra’s Core Privileged Access Manager (BoKS) product delivers privileged access management solutions.    

purple teaming

A collaborative security practice that integrates the offensive capabilities of an organization's Red Team with the defensive capabilities of its Blue Team to ensure continuous improvement and validate security controls.